That's why I'm glad some manufacturers are finally getting with the program and auto-setting to bridged mode (much less supporting bridged mode at all).
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com ----- Original Message ----- From: "Ken Hohhof" <af...@kwisp.com> To: af@afmug.com Sent: Thursday, January 7, 2016 10:13:50 AM Subject: Re: [AFMUG] RADIUS I like radios to be radios and routers to be routers. Everyone is going to have home WiFi anyway, why have a router behind a router? My preferred scenario is radio then POE then a bridged ATA on its own private IP if they have VoIP then a managed Mikrotik router. There is some appeal for a device like the Cambium router that integrates POE for the radio and ATA functions. I see radios as managed layer 2 devices, maybe with some layer 3 filtering. Right now people seem to like bring-your-own-router but that is gradually changing, as people get used to cable and DSL modems and fiber "network boxes" providing that function. Go to a Best Buy and you may have a hard time finding the routers, most people don't buy them anymore, they expect to get one from their service provider. Of course this is partly driven by cable WiFi - Comcast wants to operate a WiFi hotspot from your house. Also the FCC Open Internet order seems to require that ISPs let customers bring their own devices, it's not clear if this includes routers or just stuff like computers, tablets, game consoles, streaming devices, etc. -----Original Message----- From: Simon Westlake Sent: Thursday, January 07, 2016 9:57 AM To: af@afmug.com Subject: Re: [AFMUG] RADIUS If you're having customers auth with PPPoE themselves, yeah. I'd much rather do it right in the radio, but I would agree that your scenario is quite plausible! On 1/7/2016 9:53 AM, Ken Hohhof wrote: > A far more likely scenario is customer buys new router, puts his WiFi > password in as the PPPoE password, it doesn't work so he gives up, and > router tries the wrong password every 10 seconds for a couple days until > he gets around to calling you. Lots of log entries. > > I guess you could cover Netgear routers by creating a login for "guest" > and redirecting to a page that says call this number for help with your > PPPoE setup. Why Netgear sets it to "guest" instead of blank, I don't > know. > > > -----Original Message----- From: Simon Westlake > Sent: Thursday, January 07, 2016 9:13 AM > To: af@afmug.com > Subject: Re: [AFMUG] RADIUS > > You think so? You're saying you think that a user that enters an invalid > username and password should still get access to the network? I guess if > you're giving the credentials to end users, it might make sense, so it's > clear to them that they entered it incorrectly. If you're putting it > into your radios exclusively though, it seems like you might not want to > give a user any access at all if they're just trying random passwords. > > On 1/7/2016 7:05 AM, Dennis Burgess wrote: >> Typically the pppoe server is at the tower, so it has a local pool to >> hand out, if the customer needs a static, that would be assigned via >> PPPOE as well as a framed route if they need a specific block. For MT >> there are a number of radius attributes, but the simplest is >> address-group, If all pppoe servers are configured the same, giving a >> address group lobs them into anything such as filters, firewall, >> redirection etc. the last though is ip pool, so that you can give them a >> redirected pool and not use a public IP if they are not auth. Big thing, >> they should always auth, just get redirected if not valid. :) >> >> >> Dennis Burgess, CTO, Link Technologies, Inc. >> den...@linktechs.net – 314-735-0270 x103 – www.linktechs.net >> >> -----Original Message----- >> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Simon Westlake >> Sent: Wednesday, January 6, 2016 8:50 PM >> To: af@afmug.com >> Subject: [AFMUG] RADIUS >> >> For those of you using RADIUS to manage your customers (whether via >> PPPoE, or something else), how are you doing it? Are you using pools, >> static addresses or a mixture? Are you using groups to control >> access/redirect to delinquency pages etc or other methods? What kind of >> attributes are you using? What is/are your NAS? I'm guessing mostly >> Mikrotik in this group! >> >> I'm working on a bunch of RADIUS stuff right now, and trying to build it >> to be as flexible as possible.. any input any of you can give on how you >> use RADIUS on your network would be very much appreciated! >> >> -- >> Simon Westlake >> Skype: Simon_Sonar >> Email: simon@sonar.software >> Phone: (702) 447-1247 >> --------------------------- >> Sonar Software Inc >> The next generation of ISP billing and OSS https://sonar.software >> > -- Simon Westlake Skype: Simon_Sonar Email: simon@sonar.software Phone: (702) 447-1247 --------------------------- Sonar Software Inc The next generation of ISP billing and OSS https://sonar.software
